LinuxQuestions.org - Linux - Networking - Blocking Emule with Iptables
https://www.linuxquestions.org/questions/linux-networking-3/blocking-emule-with-iptables-346971/

Palula 07-26-2005 12:03 PM

Blocking Emule with Iptables
 
I'm using a Linux firewall at work and I can see that some users are connecting to eMule (etc.). That's terrible for the performance of the internet connection for the others, so I would like to block access to eMule and the like.

I have these lines to block KaZaA but didn't find any for blocking eMule. Are they written correctly?

# Block KaZaA
/sbin/iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
/sbin/iptables -A FORWARD -p TCP --dport 1214 -j REJECT

Thanks all!

demian 07-26-2005 12:25 PM

Most p2p applications use configurable ports. So just blocking the well known ports works only for users who don't know what they are doing. I've had great success in cutting down p2p traffic with this:

http://www.ipp2p.org/

Palula 07-26-2005 01:18 PM

Well, I'm a newbie, so I wouldn't try right now to put IPP2P on our server. My boss is on vacation (he is the system admin), so I'm just looking for something like putting a line in the iptables rules to block access... The problem is that some of the users know what they are doing, so can you guys help me with something less complicated that would do the trick? At least for about 20 days???

I would like something where, if a problem occurs, I just have to comment out the line and it would go back to normal...

Anyway, thanks a lot. And IPP2P will be something I certainly will bring up when my boss arrives.

P.S.: Can I monitor the ports that are being used? Is there a fixed IP number used to connect to eMule, so that I could block that IP and be done with it? Etc. Anything would be of great help.

Thanks again!
Palula Brasil.

Half_Elf 07-26-2005 01:46 PM

These are the ports used by eMule.
Blocking some of them might throw some mindless users off:
http://www.emule-project.net/home/pe...&rm=show_topic

Palula 07-26-2005 02:21 PM

Ports... I would like information regarding --dport --sport.

6) Local Port: any
Remote Port: 4665
Protocol: UDP
Direction: outgoing
Purpose: Source asking on servers
Note: Servers using the default port 4661 TCP (see #5) automatically set their port for source asking to 4665 UDP. If a server uses a different port in #5 the corresponding UDP port is set to [Connection Port + 4]. For firewalls the remote port here is any.

7) Local Port: 4711
Remote Port: any
Protocol: TCP
Direction: incoming
Purpose: Webserver
Note: This is the default port for the web interface. When using a router this port has to be forwarded or no connection to the webserver will be possible.

As you guys can see, port 4665 is outgoing and port 4711 is incoming, so should I use --dport for 4665 and --sport for 4711? And what if a port is incoming/outgoing? For example: port 4662.

Thanks in advance!!!

Half_Elf 07-26-2005 03:33 PM

It depends on how you build your rules.
--dport means "destination port", so the port "where your computer is trying to connect".
--sport means "source port", so the port "from where you are trying to connect".

No need to remind you that a network communication usually looks like the following:
[Your Computer]port 30123------>port 4665[Server]
or
[Server]port 4665--------->port 30123[Your Computer]

It's all about how you build your firewall... like, if you are trying to prevent clients from talking to servers, or preventing servers from answering your clients (once your clients first tried to initiate communication).

Palula 07-26-2005 04:44 PM

Sorry, but it still seems too far out for me...
Could you try to explain it in a more understandable way?

For example, it is very easy for me to understand the KaZaA rules up there.
Based on what I said, what would you do? I don't want any kind of connection between the users of my LAN and eMule. I want eMule to be totally dead.

Thanks a lot.

Palula 07-27-2005 06:22 AM

--dport means "destination port", so the port "where your computer is trying to connect".
--sport means "source port", so the port "from where you are trying to connect".

Is it more or less, like this?

--dport gives more importance to the server port...
--sport gives more importance to my port (literally on my computer).

If I want to block connection "to" somewhere, I use --dport...
If I want to block connection "from something going out a specific port in my computer", I use --sport...

If that's the main thing within these two choices, I would automatically block the destination (--dport) because it's more reliable, isn't it?

Let's suppose eMule uses port 1234 and that, preferably, users should open port 3223 to connect to that port (1234). If I block --sport 3223 and the client switches to another port... it can still connect to 1234 using another source port. But what if I blocked the destination port 1234? There can't be any connection at all, right?

Was that way over my head?
Did I even get close!!! :)

Anybody could help??
Thanks a lot!

Half_Elf 07-27-2005 06:37 AM

Yup, now you get it, I think :)

Palula 07-27-2005 06:52 AM

One thing that intrigues me!!!

How does the firewall know what is coming from the net and what is going to the net?
For example, if I put this line:

/sbin/iptables -A FORWARD -p tcp --dport 4662 -j REJECT

For me it could be: anything that is going to port 4662. It doesn't matter if it's going from my LAN to a computer outside... or if it's going from an outside connection to computers in my LAN, on port 4662.

In short... one line blocks, either way, anything that is destined to port 4662, no matter if it's going in or out of my LAN.

Is that true?

Half_Elf 07-27-2005 08:24 AM

Yes, it is true.
Usually it is safer to use the "-o <interface>" (output interface) or "-i <interface>" (input interface) argument to avoid blocking useful traffic. As an example:

/sbin/iptables -A OUTPUT -p tcp --dport 4662 -o ppp0 -j REJECT

Here, I assume you are "going to the net" using the interface "ppp0" (this is for dial-up or DSL; it could be eth0 as well); this works. Of course in some cases this kind of rule isn't applicable (as an example, if your eth0 is used to access the net AND to talk to a local network, through a switch or a router); in that case you could use "-s <ip address>" (source address) or "-d <ip address>" (destination IP address), as an example:

/sbin/iptables -A OUTPUT -p tcp --dport 4662 -d ! 192.168.0.255/255.255.255.0 -j REJECT

This line rejects all packets going to port 4662 that are NOT going to the destination "range" 192.168.0.255 (so if your "private network range" is 192.168.0.255, you will be able to use this port locally, but it will be rejected if you try to go outside... clever, isn't it? :P )

Palula 07-27-2005 12:41 PM

Based on the configs exposed on the eMule site (common ports), would these rules work?

eth0 = My LAN NIC
eth1 = My WAN NIC

Code:

/sbin/iptables -A FORWARD -p tcp --dport 4662 -i eth1 -j REJECT
/sbin/iptables -A FORWARD -p tcp --sport 4662 -o eth1 -j REJECT
/sbin/iptables -A FORWARD -p udp --dport 4672 -i eth1 -j REJECT
/sbin/iptables -A FORWARD -p udp --sport 4672 -o eth1 -j REJECT
/sbin/iptables -A FORWARD -p tcp --sport 4661 -o eth1 -j REJECT
/sbin/iptables -A FORWARD -p udp --dport 4665 -o eth1 -j REJECT
/sbin/iptables -A FORWARD -p tcp --dport 4711 -i eth1 -j REJECT

Does that make any sense?
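For the direction question discussed in the posts above (which interface to match and why --dport, not --sport, is what matters), here is an added example that is not from the thread: a small shell script that builds the same kind of FORWARD rules in a dedicated chain, matching only traffic that enters on the LAN interface and leaves on the WAN interface, and logging the LAN host before rejecting. The interface names eth0/eth1, the 192.168.0.0/24 range and the chain name EMULE are assumptions; by default the script only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread): block LAN clients from opening eMule
# connections towards the WAN, and log which LAN host keeps trying.
# Assumptions: eth0 = LAN side, eth1 = WAN side, 192.168.0.0/24 = LAN range.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# IPT receives every rule. The default only prints the commands (dry run);
# run as root with IPT=/sbin/iptables to apply them. Left unquoted on purpose
# so "echo /sbin/iptables" splits into two words.
IPT="${IPT:-echo /sbin/iptables}"

# Default eMule ports from the thread: 4661/tcp, 4662/tcp, 4711/tcp,
# 4665/udp, 4672/udp. As the thread notes, users who change the client's
# ports are not caught by port matching; that needs a payload matcher like IPP2P.
emule_block_rules() {
    # Own chain, so "iptables -F EMULE" or deleting the single jump from
    # FORWARD undoes everything (the "comment out one line" requirement).
    $IPT -N EMULE
    # Only packets coming in on the LAN side and going out on the WAN side
    # are sent to the chain; traffic *into* the LAN is never touched.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j EMULE
    for spec in tcp:4661 tcp:4662 tcp:4711 udp:4665 udp:4672; do
        proto=${spec%%:*}
        port=${spec##*:}
        # Match the remote (destination) port: the client's source port is
        # random, so --sport would never reliably hit it.
        $IPT -A EMULE -p "$proto" --dport "$port" -m limit --limit 5/min \
            -j LOG --log-prefix "EMULE-BLOCK "
        $IPT -A EMULE -p "$proto" --dport "$port" -j REJECT
    done
}

# count_rules runs the generator in dry-run mode and prints how many
# iptables commands it produces, so the set can be reviewed before applying.
count_rules() {
    ( IPT="echo /sbin/iptables"; emule_block_rules ) | grep -c '^/sbin/iptables'
}
```

The LOG lines end up in the kernel log (for example via dmesg or syslog) prefixed with EMULE-BLOCK, which answers the earlier question about monitoring which ports and hosts are in use.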

jointano 08-26-2005 12:21 PM

To block eMule write:

Code:

iptables -A FORWARD -p tcp --dport 4661:4711 -j REJECT
iptables -A FORWARD -p udp --dport 4661:4711 -j REJECT

It works ...

